- THREAT ATTRIBUTION: ZLOADER
- SUBJECTS OBSERVED
- Agreement ID 948 data
- Detailed Receipt number 739
- Tips on invoice - No. 631
- SENDERS OBSERVED
- cadboroughvimlip4@aol[.]com
- goignusglusx@aol[.]com
- werberht_erok@aol[.]com
- EXCEL FILE NAMES
- IBB-739[.]xls
- XFG948[.]xls
- ZYI-631[.]xls
- EXCEL FILE HASHES
- 6f2f90e46dfe67a3837abc6150e7153c
- 75c347ee5c88139b0d70c10b57819a98
- 7c0906abafecad2c7cf6c1271d639fa1
- ZLOADER PAYLOAD URLs
- hxxps://6730dartmouth[.]com/wp-keys[.]php
- hxxps://akcje[.]browarbrodacz[.]pl/wp-keys[.]php
- hxxp://myadvision[.]com/wp-keys[.]php
- hxxps://scoutadvisors[.]com/wp-keys[.]php
- ZLOADER C2s
- hxxp://myadvision[.]com/wp-parsing[.]php
- hxxps://6730dartmouth[.]com/wp-parsing[.]php
- hxxps://akcje[.]browarbrodacz[.]pl/wp-parsing[.]php
- hxxps://winfectsolutions[.]com/wp-parsing[.]php
- hxxps://wadapptanara[.]tk/wp-parsing[.]php
- hxxps://fortsanmanesilink[.]ga/wp-parsing[.]php
- SUPPORTING EVIDENCE
- https://pastebin.com/MtE7jpYB
- https://app.any.run/tasks/5f826b3c-11b7-4fd9-8193-ce9eacf7cc81#
- https://app.any.run/tasks/8b72d71a-0d33-4b77-8f6b-f7e9dcad0403